diff --git a/cluster/images/provider-jet-gcp-controller/Dockerfile b/cluster/images/provider-jet-gcp-controller/Dockerfile index da54a186..590e356b 100644 --- a/cluster/images/provider-jet-gcp-controller/Dockerfile +++ b/cluster/images/provider-jet-gcp-controller/Dockerfile @@ -40,6 +40,7 @@ ADD provider /usr/local/bin/crossplane-provider ENV TERRAFORM_VERSION ${TERRAFORM_VERSION} ENV TERRAFORM_PROVIDER_SOURCE ${TERRAFORM_PROVIDER_SOURCE} ENV TERRAFORM_PROVIDER_VERSION ${TERRAFORM_PROVIDER_VERSION} +ENV TERRAFORM_NATIVE_PROVIDER_PATH ${PLUGIN_DIR}/${TERRAFORM_PROVIDER_DOWNLOAD_NAME}_v${TERRAFORM_PROVIDER_VERSION}_x5 USER ${USER_ID} EXPOSE 8080 diff --git a/cmd/provider/main.go b/cmd/provider/main.go index 4841c66c..2b399226 100644 --- a/cmd/provider/main.go +++ b/cmd/provider/main.go @@ -22,20 +22,22 @@ import ( "path/filepath" "time" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" "github.com/crossplane/crossplane-runtime/pkg/feature" "github.com/crossplane/crossplane-runtime/pkg/logging" "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/crossplane/terrajet/pkg/controller" "github.com/crossplane/terrajet/pkg/terraform" - "gopkg.in/alecthomas/kingpin.v2" - kerrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/tools/leaderelection/resourcelock" - ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/log/zap" "github.com/crossplane-contrib/provider-jet-gcp/apis" "github.com/crossplane-contrib/provider-jet-gcp/apis/v1alpha1" 
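Review bot: The added `ENV TERRAFORM_NATIVE_PROVIDER_PATH` line in the Dockerfile hunk names a binary the controller is expected to launch, but nothing visible here checks at build time that the file exists at that path or that `${USER_ID}` cannot write to it. The `${TERRAFORM_PROVIDER_DOWNLOAD_NAME}_v${TERRAFORM_PROVIDER_VERSION}_x5` name must match the unpacked plugin exactly, so a provider release with a different suffix would only fail when the container starts. Consider a build step after the plugin is installed and before `USER ${USER_ID}`, such as `RUN test -x ${TERRAFORM_NATIVE_PROVIDER_PATH}`, and confirm the plugin directory is root-owned with no write bit for the runtime user. The plugin download and any checksum verification are outside this hunk, so they are not assessed here.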
@@ -47,14 +49,15 @@ import ( func main() { var ( - app = kingpin.New(filepath.Base(os.Args[0]), "Terraform based Crossplane provider for GCP").DefaultEnvars() - debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() - syncPeriod = app.Flag("sync", "Controller manager sync period such as 300ms, 1.5h, or 2h45m").Short('s').Default("1h").Duration() - leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() - terraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() - providerSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() - providerVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() - maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at which resources may checked for drift from the desired state.").Default("10").Int() + app = kingpin.New(filepath.Base(os.Args[0]), "Terraform based Crossplane provider for GCP").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncPeriod = app.Flag("sync", "Controller manager sync period such as 300ms, 1.5h, or 2h45m").Short('s').Default("1h").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + terraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + providerSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + providerVersion = app.Flag("terraform-provider-version", "Terraform provider 
version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + nativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at which resources may checked for drift from the desired state.").Default("10").Int() namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() @@ -86,6 +89,11 @@ func main() { kingpin.FatalIfError(err, "Cannot create controller manager") kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add GCP APIs to scheme") + var runner terraform.ProviderRunner = terraform.NewNoOpProviderRunner() + if len(*nativeProviderPath) != 0 { + runner = terraform.NewSharedProvider(log, *nativeProviderPath, "registry.terraform.io/"+*providerSource) + } + o := tjcontroller.Options{ Options: xpcontroller.Options{ Logger: log, @@ -95,7 +103,7 @@ func main() { Features: &feature.Flags{}, }, Provider: config.GetProvider(), - WorkspaceStore: terraform.NewWorkspaceStore(log), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithProviderRunner(runner)), SetupFn: clients.TerraformSetupBuilder(*terraformVersion, *providerSource, *providerVersion), } if *enableExternalSecretStores { diff --git a/go.mod b/go.mod index 63de60a3..125bd42d 100644 --- a/go.mod +++ b/go.mod 
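Review bot: In the `@@ -86,6 +89,11 @@` hunk of cmd/provider/main.go, the value of `--terraform-native-provider-path` (or `TERRAFORM_NATIVE_PROVIDER_PATH`) reaches `terraform.NewSharedProvider` after only an emptiness check, so a relative or mistyped path is not rejected at startup. The flag description suggests the file at this path is run as the shared provider, and a relative value would resolve against whatever the working directory happens to be. I would fail fast before building the runner, for example `if !filepath.IsAbs(*nativeProviderPath) { kingpin.Fatalf("native provider path %q must be absolute", *nativeProviderPath) }`, followed by an `os.Stat` check reported through `kingpin.FatalIfError`. A one-line comment on the `runner` declaration stating what the no-op runner means for existing deployments would also help; its behaviour is not visible in this diff. `main` begins and ends outside this hunk.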
@@ -5,7 +5,7 @@ go 1.17 require ( github.com/crossplane/crossplane-runtime v0.15.1-0.20220315141414-988c9ba9c255 github.com/crossplane/crossplane-tools v0.0.0-20220310165030-1f43fc12793e - github.com/crossplane/terrajet v0.4.0-rc.0.0.20220325072044-3143bc68c282 + github.com/crossplane/terrajet v0.4.0-rc.0.0.20220421012850-4f9db892a4ae github.com/hashicorp/terraform-plugin-sdk/v2 v2.7.0 github.com/pkg/errors v0.9.1 gopkg.in/alecthomas/kingpin.v2 v2.2.6 diff --git a/go.sum b/go.sum index ed11d572..02ff2c62 100644 --- a/go.sum +++ b/go.sum @@ -156,8 +156,8 @@ github.com/crossplane/crossplane-runtime v0.15.1-0.20220315141414-988c9ba9c255 h github.com/crossplane/crossplane-runtime v0.15.1-0.20220315141414-988c9ba9c255/go.mod h1:IPT3HTsovwmbw3i+SdsOyaC3r3b7TW+otBMmZsHLnSU= github.com/crossplane/crossplane-tools v0.0.0-20220310165030-1f43fc12793e h1:HqLaMji3FRPwEBA5P6twPz0HbE6no0XOnByLU5O1noM= github.com/crossplane/crossplane-tools v0.0.0-20220310165030-1f43fc12793e/go.mod h1:xFf30hwHd5n0/a0D4ZomId8nxQTTjE0Hc1j4/rWxefc= -github.com/crossplane/terrajet v0.4.0-rc.0.0.20220325072044-3143bc68c282 h1:O15zUKOHd6Z//BunjPb3XP9yGzR0xOracifjeaByk60= -github.com/crossplane/terrajet v0.4.0-rc.0.0.20220325072044-3143bc68c282/go.mod h1:PY1geRNxxNXs2RFhGC36N7dDu3wZPhUZmAk6c4gQxAI= +github.com/crossplane/terrajet v0.4.0-rc.0.0.20220421012850-4f9db892a4ae h1:16m4myvQjkUxx8Rai4CePbrjKZnivLPD8VQ++J8HRyU= +github.com/crossplane/terrajet v0.4.0-rc.0.0.20220421012850-4f9db892a4ae/go.mod h1:PY1geRNxxNXs2RFhGC36N7dDu3wZPhUZmAk6c4gQxAI= github.com/dave/jennifer v1.4.1 h1:XyqG6cn5RQsTj3qlWQTKlRGAyrTcsk1kUmWdZBzRjDw= github.com/dave/jennifer v1.4.1/go.mod h1:7jEdnm+qBcxl8PC0zyp7vxcpSRnzXSt9r39tpTVGlwA= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= diff --git a/internal/clients/gcp.go b/internal/clients/gcp.go index 33413c72..a31746c6 100644 --- a/internal/clients/gcp.go +++ b/internal/clients/gcp.go 
@@ -1,8 +1,23 @@ +/* +Copyright 2022 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package clients import ( "context" - "fmt" xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" "github.com/crossplane/crossplane-runtime/pkg/resource" @@ -17,12 +32,10 @@ import ( const ( keyProject = "project" - envCredentials = "GOOGLE_CREDENTIALS" + keyCredentials = "credentials" ) const ( - fmtEnvVar = "%s=%s" - // error messages errNoProviderConfig = "no providerConfigRef provided" errGetProviderConfig = "cannot get referenced ProviderConfig" @@ -70,10 +83,8 @@ func TerraformSetupBuilder(version, providerSource, providerVersion string) terr return ps, errors.Wrap(err, errExtractCredentials) } - // set environment variables for sensitive provider configuration - ps.Env = []string{ - fmt.Sprintf(fmtEnvVar, envCredentials, string(data)), - } + // set provider configuration keys for GCP credentials + ps.Configuration[keyCredentials] = string(data) } return ps, nil }
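Review bot: In the `@@ -70,10 +83,8 @@` hunk of internal/clients/gcp.go, the service-account key now goes into `ps.Configuration[keyCredentials]` instead of the `GOOGLE_CREDENTIALS` environment entry, which changes where the secret can surface. If terrajet serialises the configuration map into workspace files or includes it in debug logging (not visible here), the key would land on disk or in logs where the env-based form did not put it. Confirm how `Configuration` is persisted and, if it is written out, that the workspace directory is restricted to the controller user and removed with the workspace. The assignment also assumes `ps.Configuration` is already a non-nil map; its initialisation is outside the hunk, and writing to a nil map would panic. I would expand the comment to something like `// credentials are passed as provider configuration; treat ps.Configuration as secret from here on`.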